There is a worrying level of complacency towards the assessment of cyber risks during M&A deals, despite increasing awareness of the cyber security risks facing businesses.
A global survey of dealmakers found that 90 percent of respondents believe cyber breaches would result in a reduction in deal value and 83 percent believe a deal could be abandoned if cyber security breaches are identified during deal due diligence or mid-transaction.
The report, released by International law firm Freshfields Bruckhaus Deringer, also shows that 78 percent of respondents say cyber security is not a risk that is currently analyzed in-depth or dealt with in deal due diligence.
Dealmakers’ top concerns include targets suffering cyber-attacks during deal discussions, the target being a proven victim of data or intellectual property (IP) theft by cyber-attack, and evidence of a target not handling a past breach effectively.
Interestingly, acquirers (30%) are most concerned about cyber security issues derailing transactions, whereas 81% of sellers are unconcerned or only slightly concerned about the risk of derailment.
Awareness of the threat posed by cyber-attacks is growing, according to the survey, with 82 per cent of dealmakers saying that the risk of cyber-attacks will change deal processes over the next 18 months.
“Investors and corporates are starting to wake up to cyber risk. More companies are being penalised by shareholders for being a victim of an attack and executives are having to step down as a result," says Jane Jenkins, co-head of the firm’s international cyber security and defence teams.